When a user browses a website, small amounts of information are stored on the user's machine. The information may be stored in a file that persists between browser restarts. When the user browses the same website in the future, the information may be retrieved from the file and used. One common mechanism is the cookie. A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is a file that stores a limited amount of data for use during a user's browsing session (e.g., session cookie) or for multiple sessions (e.g., persistent cookie). Cookies are useful to preserve state, maintain user authentication information, or save user preferences for a website. However, cookies are limited in functionality, partly due to their maximum allowable size.
In more modern browsers, a standard known as "Web Storage" supports larger storage allocation. Web Storage offers two different storage types (local storage and session storage), which act similarly to persistent and session cookies, respectively. Data stored in local storage is per domain and persists after the browser is closed. Session storage is per-page-per-window and is limited to the lifetime of the window. Session storage is intended to allow separate instances of the same web application to run in different windows without interfering with each other, a use case that is not well supported by cookies.
However, as the allowable size of storage objects (both local and session types) increases, so does the threat of malicious activity causing large amounts of data to be written to or stored on a user's machine, resulting in instability, inaccessibility, or other denial-of-service types of attacks.
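As an added illustration (not part of the original text), the following JavaScript sketch shows one defensive way to bound how much data a script can place in a Web Storage area: it measures current usage and refuses writes that would exceed a budget. The names `MemoryStorage`, `storageBytes`, `guardedSetItem` and the `budgetBytes` limit are hypothetical, and the two-bytes-per-character size estimate is an assumption, since browsers account for storage in implementation-specific ways.

```javascript
// In-memory stand-in for the Web Storage interface, constructed for this
// example so it runs outside a browser; in a page, pass localStorage or
// sessionStorage instead.
class MemoryStorage {
  constructor() { this.map = new Map(); }
  get length() { return this.map.size; }
  key(i) { return [...this.map.keys()][i] ?? null; }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(String(k), String(v)); }
  removeItem(k) { this.map.delete(k); }
}

// Approximate bytes held by a storage area. Keys and values are UTF-16
// strings, so this counts two bytes per code unit (an estimate only).
function storageBytes(storage) {
  let total = 0;
  for (let i = 0; i < storage.length; i++) {
    const k = storage.key(i);
    total += 2 * (k.length + storage.getItem(k).length);
  }
  return total;
}

// Write only if the area would stay within budgetBytes (a hypothetical,
// application-chosen limit). Returns true on success, false when refused.
function guardedSetItem(storage, key, value, budgetBytes) {
  key = String(key);
  value = String(value);
  const old = storage.getItem(key);
  // Overwriting a key changes usage only by the difference in value size.
  const delta = old === null
    ? 2 * (key.length + value.length)
    : 2 * (value.length - old.length);
  if (storageBytes(storage) + delta > budgetBytes) return false;
  try {
    storage.setItem(key, value);
    return true;
  } catch (e) {
    // Browsers raise a DOMException named QuotaExceededError when the
    // browser's own limit is reached; treat it as a refused write.
    if (e && e.name === "QuotaExceededError") return false;
    throw e;
  }
}
```

The budget check runs before the write, so a refused write leaves the storage area unchanged.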